Active Directory Assessment Results
Executive Summary

1. What went well:
92% Passed
• Upgrade, Migration and Deployment
2. What needs Improvement:
• Availability and Business Continuity
3. Highest Priority Recommendations:
• Configure additional domain controllers on the domain

Availability and Business Continuity

Highest Priority Recommendations
• Configure additional domain controllers on the domain
• Backup Active Directory immediately and implement a regular backup schedule
• Enable prevention of accidental deletions of DNS zones stored in Active Directory Domain Services (ADDS)
• Create additional global catalog servers
• Configure the Root PDC with an Authoritative Time Source and Avoid Widespread Time Skew
• Configure static IP addresses on domain controllers
• Add subnet definitions to Active Directory sites
• Configure the Domain Name System (DNS) servers to point to more than one DNS forwarder
• Consider creating multiple Active Directory sites if your physical environment has multiple locations
• Perform a backup of the affected Active Directory partition at least once in the period defined by the Backup latency interval value

93% Passed

Security and Compliance

Highest Priority Recommendations
• Clear the property of user accounts allowing them to have blank passwords
• Mitigate security risks by configuring “Deny log on as a service” Permission
• Mitigate security risks by configuring “Deny access to this computer from the network” permission
• Mitigate Security Risks By Configuring “Deny Log On Locally” Permission
• Mitigate security risks by configuring “Deny log on as a batch job” Permission
• Mitigate Security Risks By Configuring “Deny Log On Through Remote Desktop Services” Permission
• Enforce password expiry policies for members of well-known administrative groups
• Validate all accounts having passwords that do not expire
• Remove all members from the Schema Admins group unless you are actively changing the schema
• Set the account lockout threshold to the recommended value

87% Passed

Upgrade, Migration and Deployment

Highest Priority Recommendations
• Consider raising Domain Functional Level

97% Passed

Performance and Scalability

Highest Priority Recommendations
• Ensure Active Directory sites have associated subnets

98% Passed

Operations and Monitoring

Highest Priority Recommendations
• Regularly check for and remove inactive user accounts in Active Directory
• Associate subnet definitions with the relevant sites
• Check that having all Domain Controllers virtualized is a sensible design decision for your environment
• Prepare to provision users through directory synchronization to Office 365
• Disable the user section if the GPO does not contain user settings

91% Passed